General
Target: f40cd4fac1c075d4f89b6e5f3ff74b8b44c66c34fc1a3dbed0c4609dffa0dd12
Size: 1.2MB
Sample: 230414-gd2l9sgd63
MD5: 006e2e0feb1ef67afb139442a4c881c4
SHA1: e19becbd1804fe1396daf3bc3ca99e2f9a6a4304
SHA256: f40cd4fac1c075d4f89b6e5f3ff74b8b44c66c34fc1a3dbed0c4609dffa0dd12
SHA512: 8b39aa560565ce9b49e20e6c66dfce3e35b76f6493305220ff0e4c1e341076ae9f32ed53e0775549b6380cd2cd03c697310cf3d0c7c2c706c4320bbc2d046010
SSDEEP: 24576:byF/Mtydn8JkSLVrIc6EAY1rvY6Lo/FjrNQScR0iE:OZmMnwLn1rY6Lo/lN/+0
Static task: static1

Malware Config
Extracted
Family: redline
lada
185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted
Family: redline
disa
185.161.248.90:4125
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Targets
Target: f40cd4fac1c075d4f89b6e5f3ff74b8b44c66c34fc1a3dbed0c4609dffa0dd12
Size: 1.2MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General.)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.